
RSA says that Cybercriminals Might Have Stolen Billions during Transactions by Brazilians

Researchers at security firm RSA have discovered a significant cybercrime operation in Brazil that targeted billions of dollars' worth of transactions by Brazilians.

RSA researchers said that they have discovered a Boleto malware (Bolware) ring which compromised around 495,753 Boleto transactions over a period of two years.

The campaign targeted "boletos", a kind of invoice issued by merchants which people can pay without having a bank account. According to RSA, customers can pay any invoice generated by a merchant, from energy bills to mortgage bills, whether it arrives by post or through online shopping.

RSA said in a recently released whitepaper on the malware: "First signs of its existence appeared at the end of 2012 or early 2013. Our Research Group analyzed version 17 of the malware collecting data between March to June 2014. The main function of Boleto malware is to gain access to Boleto payments from individual consumers or companies and redirect those payments from victims to fake accounts."

According to the paper, the malware also collects user credentials for Microsoft online email services such as live.com, hotmail.com and outlook.com, even though these are not directly related to Boleto payment systems.

RSA's report reveals that these stolen credentials are being used to support infection campaigns by spreading spam email.

In 2012, Boleto malware was used for 18% of all payments made in Brazil.

Independent security researcher Brian Krebs of Krebsonsecurity.com revealed, from a leaked bot web panel, that one malware gang operating a botnet had netted US$250,000 from 383 boleto transactions during the four months to June 2014.

RSA also counted more than 192,000 computers and thirty-four bank brands infected with boleto malware in Brazil.

The malware's authors were constantly updating their product to keep abreast of defensive operations by Brazilian banks and have pushed out 19 fixes to date.

Telegram.com published news on 2nd July 2014 quoting Avivah Litan, a cybersecurity analyst at Gartner, as saying, "cybercrime is more widespread in Brazil than it is in the United States and Brazil has been the trendsetter in cybercrime in many ways."